What You Should Know About HIPAA and HIPAA Compliance

HIPAA stands for Health Insurance Portability and Accountability Act. It is a federal law enacted in 1996 as an attempt at progressive health care reform, and experts believe it to be the most important health care legislation since Medicare in 1965.

HIPAA is intended to reform the healthcare industry by reducing costs, simplifying administrative processes and burdens, and improving the privacy and security of patient data.

There are two separate and distinct tracks under the HIPAA umbrella: HIPAA Privacy and HIPAA Security. HIPAA Privacy relates to the protection and privacy of protected health information (PHI), and HIPAA Security relates to the protection and privacy of individuals' protected health information in electronic form (ePHI). HIPAA Privacy is what most of us think of when we hear the term HIPAA (HIPAA awareness training, privacy notices, authorization forms, etc.), but HIPAA Security tends to be more the focus of an organization's IT department because it deals with encryption, electronic security, disaster recovery, etc.

Who needs to worry about HIPAA? There are two main categories under HIPAA: covered entities and business associates. Covered entities are the types of organizations and individuals who work directly with protected health information, and consist of health care and health insurance providers and employer-sponsored group health plans. Anyone outside of these categories is considered a business associate. Business associates include medical billing companies, medical storage, marketing agencies, software companies, medical device manufacturers, etc.

Although the DHHS (Department of Health and Human Services) regulates covered entities, business associates are held to the rules by the covered entities they work with, through a business associate agreement (alternatively called a business associate contract).

HIPAA compliance includes two categories: one being HIPAA training and the other the implementation of processes, procedures and forms related to HIPAA.

Although a lot of the rules in HIPAA may seem like common sense, think of them as simply providing some standardization, so that the individuals and organizations involved in a patient's care know what to expect of each other.

HIPAA compliance need not be a complicated process, and once it is set up it can take relatively little effort to maintain.